-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Request] Ignore Ports When Nothings Listening #19142
Comments
Hello!
Description: Syntax of
Hence, your case is |
Fixing the misorder: c7ab71c Correct syntax for your case: |
Not sure on having automation "out-of-box" here. Please, provide also
Yes, because fields I can see |
Giving people the option to enable this would make sense, as devices on an internal network are a lot less noisy.
So there is currently no option to specify incoming and outgoing connections separately. Is this what you are looking for: |
Hello!
Thanks for the updated screenshot. It helps to propose to you the https://github.com/stamparm/maltrail/blob/master/maltrail.conf#L127-L128 Your case would be:
Why not? Use two strings. E.g.:
Netmasks/ranges are not supported, as far as I remember. So
Yes, it helps. Thank you! |
I get a lot of events each day just from mass scans, which makes it hard to filter out the more useful events.
Would it be possible to ignore any scan on ports that are not in use to decrease the number of events.
As an example, i don't use telnet so every time that port 23 gets scanned can this be ignored, thanks.
The text was updated successfully, but these errors were encountered: